From b005f97bcda4825499ff7409abc09df3ba783cc5 Mon Sep 17 00:00:00 2001
From: Michal Maciola <m.maciola@samsung.com>
Date: Thu, 1 Jul 2021 12:32:28 +0200
Subject: [PATCH] svg_loader: memory leak after improper stop tag

<stop> tag should be always a child of a <linearGradient> or
<radialGradient> element, but there were files with <stop> tag inside <rect>.
This patch fixes a memory leak if no gradient is defined before <stop> tag.
---
 src/loaders/svg/tvgSvgLoader.cpp | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/loaders/svg/tvgSvgLoader.cpp b/src/loaders/svg/tvgSvgLoader.cpp
index e4154697..1c733772 100644
--- a/src/loaders/svg/tvgSvgLoader.cpp
+++ b/src/loaders/svg/tvgSvgLoader.cpp
@@ -2232,15 +2232,19 @@ static void _svgLoaderParserXmlOpen(SvgLoaderData* loader, const char* content,
         }
         loader->latestGradient = gradient;
     } else if (!strcmp(tagName, "stop")) {
+        if (!loader->latestGradient) {
+#ifdef THORVG_LOG_ENABLED
+            printf("SVG: Gradient stop but no gradient in the scope\n");
+#endif
+            return;
+        }
         auto stop = static_cast<Fill::ColorStop*>(calloc(1, sizeof(Fill::ColorStop)));
         if (!stop) return;
         loader->svgParse->gradStop = stop;
         /* default value for opacity */
         stop->a = 255;
         simpleXmlParseAttributes(attrs, attrsLength, _attrParseStops, loader);
-        if (loader->latestGradient) {
-            loader->latestGradient->stops.push(stop);
-        }
+        loader->latestGradient->stops.push(stop);
     }
 #ifdef THORVG_LOG_ENABLED
     else {